BlightFury (Inactive)
Ransomware group first observed in 2018. Uses Cobalt Strike for deployment.
Total Victims: 0
First Seen: 2018-07-01
Last Seen: 2022-03-01
Known TTPs: 20
Avg Delay: 2.2d
Negotiations: 0
ONION URLS
6erhr46owlmf4comv2a2knrrtcq7dhxaooekvg2dyvs6qjlnm7ax6ikb.onion
TOOLS
Cobalt Strike
MegaSync
ADFind
PsExec
SystemBC
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1039 | Data from Network Shared Drive | Collection |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1218.011 | Rundll32 | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1082 | System Information Discovery | Discovery |
| T1059.003 | Windows Command Shell | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1189 | Drive-by Compromise | Initial Access |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1021.004 | SSH | Lateral Movement |
| T1136.001 | Local Account | Persistence |
| T1547.001 | Registry Run Keys | Persistence |
| T1548.002 | Bypass UAC | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes